I read this story today on El Reg and I'm wondering if anyone in our community has identified issues within their own projects that relate to this and if so, what are those issues, how critical are they, and more importantly, what is being done to mitigate them?

A more detailed source for information surrounding this story can be found here (thanks to Andrew Hare for this).

Community wiki as there is no right or wrong to this though I think it's relevant to our community.

+1  A: 

It may be a bit early to tell. CERT-FI has some details on the affected libraries, and Sun's page references a CVE entry that is still under review. No one seems to have developed an exploit for the vulnerability; it looks like it is (so far) limited to an XML denial of service attack, and they are not new.

On the other hand, it looks like it affects all versions of Java, Apache Xerces, and libexpat. That's pretty widespread.

R Ubben